Challenge
| Link | Difficulty | Status |
|---|---|---|
| https://play.picoctf.org/practice/challenge/475?category=2&originalEvent=74&page=1 | | |
Note
Description
A company stored a secret message on a server which got breached due to the admin using weakly hashed passwords. Can you gain access to the secret stored within the server? Access the server using nc verbal-sleep.picoctf.net 53299
Solution
Connecting to the server shows the following interface. The hash looks like MD5, but to confirm, let us copy it and check it at https://hashes.com/en/tools/hash_identifier.
As you can see below, it is identified as MD5.
The same website provides a way to find the plaintext of a hash. It keeps a dictionary of known hashes and looks up the submitted hash in that dictionary to find the plaintext. You can use it here: https://hashes.com/en/decrypt/hash.
Enter the plaintext from above in the terminal and it presents you with another hash. This hash looks different and is definitely not MD5.
This is a SHA-1 hash, so we again use the same tool to find the plaintext.
After this there is another hash, which is SHA-256. Again, using the same website, we find the plaintext.
We then finally find the flag.
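The identify-then-look-up steps above can be reproduced offline. The following is an added example, not part of the original write-up: it guesses the algorithm from the digest length and resolves unsalted MD5, SHA-1 and SHA-256 digests against a precomputed table, then shows that a salted digest of the same password is not found. The wordlist, salt and function names are constructed for illustration.

```python
import hashlib

# Hex-digest length -> algorithm. A heuristic only: other 128-bit digests
# (NTLM, for example) are also 32 hex characters long.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample wordlist; not the challenge's passwords.
WORDLIST = ["letmein", "password123", "qwerty", "dragon"]


def identify(hex_digest):
    """Guess the algorithm from the digest length; None if not plain hex."""
    h = hex_digest.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        return None
    return ALGO_BY_HEX_LEN.get(len(h))


def build_table(words):
    """Precompute digest -> (algorithm, plaintext), as a lookup site does."""
    table = {}
    for word in words:
        for algo in ALGO_BY_HEX_LEN.values():
            digest = hashlib.new(algo, word.encode()).hexdigest()
            table[digest] = (algo, word)
    return table


def lookup(hex_digest, table):
    """Return (algorithm, plaintext) for a known digest, else None."""
    return table.get(hex_digest.strip().lower())


def salted_sha256(word, salt):
    """Same password hashed with a per-user salt (salt is bytes)."""
    return hashlib.sha256(salt + word.encode()).hexdigest()


if __name__ == "__main__":
    table = build_table(WORDLIST)
    for algo in ("md5", "sha1", "sha256"):
        digest = hashlib.new(algo, b"qwerty").hexdigest()
        print(identify(digest), lookup(digest, table))
    # The salted digest is absent from the precomputed table.
    print(lookup(salted_sha256("qwerty", b"\x8f\x11\x02\xaa"), table))
```

All three unsalted digests resolve in a single dictionary lookup regardless of algorithm, while the salted one does not, because the table would have to be rebuilt for every salt value.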